ENNAENNA

IntelMQ

AGPL-3.0

馃 Threat IntelligencePython

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments) to collect and process security feeds, pastebins, and tweets using a message queue protocol. It provides a modular bot framework where collector bots fetch data from sources, parser bots normalize it into a standard format (IDEA), expert bots enrich and filter, and output bots distribute to databases, ticketing systems, or downstream tools. IntelMQ handles hundreds of feed formats (abuse.ch, Shadowserver, MISP, PhishTank, etc.) and deduplicates across sources. The web management interface (IntelMQ Manager) allows visual pipeline configuration and monitoring.

1.1kstars
314forks
235issues
Updated 3d ago
+I use this
View on GitHubOfficial Website

Installation

$ pip install intelmq

Use Cases

  • Automated collection and normalization of threat feeds
  • CERT/CSIRT incident handling automation
  • Enriching IOCs with contextual information
  • Distributing processed intelligence to downstream systems

Tags

threat-intelligencefeed-processingautomationcertincident-responsealertscsirtcybersecurityfeedshandlingihapincidentintelligenceiocmalwarephishingpythonthreat

Details

Category
馃 Threat Intelligence
Language
Python
License
AGPL-3.0
Platforms
馃惂linux

Links

GitHub Repository

github.com/certtools/intelmq

Official Website

intelmq.org

Releases

github.com/certtools/intelmq/releases

Issues

github.com/certtools/intelmq/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Used in 1 Workflow

馃嵂

Threat Hunting with Honeypots

Intermediate7 steps 路 6-12 hours

Community Reviews

Alternatives & Comparisons

MISP

PHP/Python

Open-source threat intelligence and sharing platform. Structured IOC management, feeds, correlation, and STIX/TAXII export.

Compare IntelMQ vs MISP

OpenCTI

TypeScript/Python

Cyber threat intelligence platform. Knowledge management for threat data with STIX2 native storage and graph visualization.

Compare IntelMQ vs OpenCTI

TheHive

Scala/JavaScript

Incident response case management platform. Collaborative investigation with observable analysis, playbooks, and MISP integration.

Compare IntelMQ vs TheHive

IntelOwl

Python

Threat intelligence management platform integrating 100+ analyzers for enriching observables and malware samples.

Compare IntelMQ vs IntelOwl

More in Threat Intelligence

MISP

PHP/Python

Open-source threat intelligence and sharing platform. Structured IOC management, feeds, correlation, and STIX/TAXII export.

threat-inteliocsharing

OpenCTI

TypeScript/Python

Cyber threat intelligence platform. Knowledge management for threat data with STIX2 native storage and graph visualization.

threat-intelstix2knowledge-graph

TheHive

Scala/JavaScript

Incident response case management platform. Collaborative investigation with observable analysis, playbooks, and MISP integration.

incident-responsecase-managementsoc

GRR Rapid Response

Python

Remote live forensics framework by Google. Deploy agents across thousands of endpoints for artifact collection and analysis.

dfirremote-forensicsendpoint

KAPE

C#

Kroll Artifact Parser and Extractor. Fast triage collection and parsing of forensic artifacts from Windows, macOS, and Linux.

dfirtriageartifact-collection

Cortex

Scala/Python

Observable analysis and active response engine. Analyze IOCs at scale with 100+ analyzers for IPs, hashes, URLs, and domains.

ioc-analysisobservableenrichment